Every time an engineer uses AI-powered troubleshooting inside an observability platform, data moves. That data can include PII, internal service telemetry, and live customer prompts. Most observability vendors process that data on their own infrastructure, outside the customer’s control. For enterprises operating under data sovereignty requirements or in regulated industries, this creates a compliance and security exposure that blocks AI adoption entirely.
In this interview on TFiR, Shahar Azulay, CEO and Co-Founder at groundcover, walks through how groundcover’s bring-your-own-cloud data plane architecture allows enterprises to use AI-powered observability while keeping all data and all AI inference inside their own VPC.
Guest: Shahar Azulay, CEO and Co-Founder at groundcover
Show: TFiR
Here is what every platform engineer and enterprise security team needs to know.
Technical Deep Dive
Q: Why does AI adoption create new data sovereignty and data privacy risks for enterprises?
Shahar Azulay, CEO and Co-Founder at groundcover, explains that the core concern enterprises have about AI is who accesses the data, who processes it, and who trains on it. When AI-powered tooling is operated by a third-party vendor, sensitive data including PII and customer prompts can flow to infrastructure the enterprise does not control. This risk is amplified in observability contexts because telemetry data is rich and often contains information that was never intended to leave the organization’s environment.
“The major concern about AI is who’s going to use it and what data is going to be moved through there. Who’s processing the data, who’s training on this data.” — Shahar Azulay, CEO and Co-Founder, groundcover
Q: What is groundcover’s bring-your-own-cloud architecture and how does it address data sovereignty?
Azulay describes groundcover’s foundational design principle as a bring-your-own-cloud data plane. groundcover does not own or store customer data on its own infrastructure. All data is stored privately within the customer’s own cloud environment. This means the vendor never holds the data, and the customer retains full control over what is stored and where.
“Groundcover’s entire approach since the beginning was a bring your own cloud data plane. Basically we don’t own the data, we store it privately.” — Shahar Azulay, CEO and Co-Founder, groundcover
Q: How does groundcover run AI features inside the customer’s own VPC?
Azulay explains that even groundcover’s AI-powered capabilities are executed inside the customer’s own VPC rather than on groundcover’s infrastructure. The AI runs on top of AWS Bedrock or Google Vertex AI using the customer’s own tokens and their own AI models. This means the AI inference itself never leaves the customer’s environment, and groundcover does not have access to what the models process.
“Even AI is operated on top of Bedrock, Vertex, basically the hyperscalers’ AI connection of the customer. So it’s their tokens, it’s their AI models running in their VPC.” — Shahar Azulay, CEO and Co-Founder, groundcover
Q: What specific data risks exist when using AI-powered observability tools from traditional vendors?
Azulay identifies two concrete risk scenarios. First, PII data captured in telemetry may be shipped to a vendor that is not aware of what it is receiving and is not equipped to handle it appropriately. Second, when engineers use AI to troubleshoot live applications, they may enter customer prompt data directly into the AI interface, which then gets processed and potentially stored by the observability vendor. Both scenarios represent unintended data exposure that the enterprise may not have anticipated or authorized.
“Maybe you didn’t intend that to monitor the customer’s prompts right now that investigate something inside your application. They can even punch in information there that you might not have wanted to store as a vendor.” — Shahar Azulay, CEO and Co-Founder, groundcover
Q: How does geopolitical pressure and cloud sovereignty regulation affect enterprise AI adoption strategies?
Azulay frames the growing geopolitical crisis as a force that amplifies the importance of groundcover’s existing architecture. Enterprises facing data sovereignty requirements cannot afford to have AI inference or observability data processed outside their own environment. The bring-your-own-cloud model, which was groundcover’s design from the start, becomes more strategically relevant as regulatory and geopolitical pressures increase. This positions the architecture not as a feature add-on but as a foundational requirement for enterprise AI adoption.
“This entire motion of bring your own cloud just gets more emphasized with AI. The data is very private, very confidential, basically to the customers, themselves.” — Shahar Azulay, CEO and Co-Founder, groundcover
Resources & Documentation
- groundcover, cloud-native observability platform with a bring-your-own-cloud data plane for Kubernetes environments
- AWS Bedrock, managed foundation model service used by groundcover customers to run AI inference inside their own AWS environment
- Gemini Enterprise Agent Platform (formerly Vertex AI), managed AI platform used by groundcover customers to run AI inference inside their own Google Cloud environment
***
Full Raw Transcript
Swapnil Bhartiya: These days when we talk about AI, especially if you look at the geopolitical crisis going on, there is a growing demand for, of course, data sovereignty, cloud sovereignty, AI sovereignty. What role can groundcover play in actually enabling that kind of sovereignty?
Shahar Azulay: Basically, we see ourselves enabling enterprises to adopt AI more safely. Right. The major concern about AI is who’s going to use it and what data is going to be, you know, moved through there. Who’s processing the data, who, who’s training on this data. Right. Enterprises are very concerned about that. Groundcover’s entire approach since the beginning was a bring your own cloud data plane. Basically we don’t own the data, we store it privately. And even AI is operated on top of the Bedrock, Vertex, basically the hyperscalers’ AI connection of the customer. So it’s their tokens, it’s their AI models running in their VPC. So even though we provide all these rich experiences, they’re not going out to anywhere else. So if you want to adopt AI, if you want to troubleshoot with AI, you, you don’t have to be concerned about data privacy, about data sovereignty, about data security. Right. Kind of shipping maybe PII data to a vendor that is not necessarily aware of what it’s getting. Right. Maybe you didn’t intend that to monitor the customer’s prompts right now that investigate something inside your application. They can even punch in information there that you might not have wanted to store as a vendor. So this entire motion of bring your own cloud just gets more emphasized. With AI, the data is very private, very, very confidential basically to the customers, themselves.





